Metering in a data processing system

ABSTRACT

Λ data processing system is described wherein use of resources in the system is metered. Metering evidence is generated which is difficult to forge and is, thus, relavely resitant to tampering. Such a system finds application, for example, in the field of metering the amount of time a person spends reading advertisement that are published on the World Wide Web. If reliable, such metering evidence may be used by the owner of the web server that contains the adverstisement to bill the originator of the advertissement.

TECHNICAL FIELD

[0001] The present invention relates to metering in a data processingsystem. In particular, although not exclusively, the invention relatesto the generation of metering evidence which is relatively difficult toforge and relatively resistant to tampering.

BACKGROUND

[0002] Use of the Internet, especially the world-wide-web (www or web),is rapidly growing. Accompanying this growth is a growth in the numberand kind of new services which can potentially be offered over theInternet. With many new services in future, the inventors expect thatthere will need to be many different models for billing the variousparties who may be involved in providing, using and supporting theservice. Specifically, increasingly, electronic services supplied over apublic network, such as the Internet, are expected to require meteringin terms of the length of time or the number of instances of the serviceusage.

DISCLOSURE OF THE INVENTION

[0003] In accordance with a first aspect, the present invention providesa method of metering activity of a data processing system resulting inthe generation of respective tamper-resistant metering evidence, thetamper-resistance of the metering evidence being attributable to thedifficulty of factorising a large integer, which has only two primefactors of roughly equal size.

[0004] As described in more detail hereafter, the activity may takedifferent forms, In some embodiments, the activity may comprise meteringuser activity or user interaction with a data processing system orprocess. For example, the activity may comprise a user reading anadvertisement displayed by the data processing system. Alternaively, theactivity may be a user using a software application such as a game, aword processor or the like. In other embodiments, the activity mayinvolve the data processing system executing a process that requireslittle or no user interaction. Indeed, the activity may compriseInteraction purely between data processing systems involving no userinteraction. For example, in a distributed data processing environment,one data processing system may need to interact autonomously with one ormore other data processing systems in order to complete a task. In suchcircumstances, it might be advantageous if each data processing systemcould meter use of its resources by other data processing systems forfuture billing or auditing purposes.

[0005] In a preferred embodiment, the method comprises iterativelyevaluating the result of a mathematical function using the large integeras an input to the function, and using a result of one iteration of thefunction as an input to a next iteration of the function.

[0006] Other embodiments or aspects of the invention will becomeapparent from reading the following detailed description and claims.

BRIEF DESCRIPTION OF THE DRAWINGS

[0007] Embodiments of the present invention will now be described by wayof example only with reference to the accompanying drawings, of which:

[0008]FIG. 1 is a block diagram of a distributed system suitable forenacting the present invention; and

[0009]FIG. 2 is a flow diagram illustrating the main steps involved inenacting the first embodiment of the present invention.

BEST MODE FOR CARRYING OUT THE INVENTION, & INDUSTRIAL APPLICABILITY

[0010] The following exemplary embodiments can be described withreference to FIG. 1, which illustrates only one of a number of possiblesystems in which the present invention may be practiced using theInternet. It will be apparent, however, that use of the Internet as suchis not a requirement of the invention.

[0011] In FIG. 1, an ISP 100 is connected to, and is accessible via, theInternet 110 in the usual manner. In this instance, the ISP 100comprises a conventional computer system 102, for example a Windows NTor UNIX based system, having at least one processor running a web serverprocess 104, or simply a web server, and an ISP metering process 106.The ISP 100 also includes storage 108, such as a hard disk drive, forstoring a large number of web pages, which can be downloaded by acustomer using a respective computer system 120.

[0012] A customer computer system 120 comprises a conventional computersystem running a web browser process 122 such as Internet Explorer orNetscape Navigator, and a customer metering process 123. The browser 122is controlled to access the Internet and download data such as web pagesfrom remote sources such as the ISP 100 in the conventional manner. Thedownloaded data are processed by the web browser 122, for example todisplay web pages and additionally (or alternatively) execute downloadedmobile code or other applications. The user controls the operation ofthe browser process 122 with a standard interface such as a keyboard 124or mouse 126 and any results are displayed on a visual display unit 128in the usual way. The customer can download web pages or other contentfrom the ISP 100 by entering the respective web page address into thebrowser process 122 or by controlling the mouse to ‘click’ on anappropriate ‘hyperlink’ in the usual manner.

[0013] Also shown in FIG. 1 is a content provider 150, which originatescontent to be stored by the ISP 100 and made available by the ISP tocustomers over the Internet 110.

[0014] The content provider 150 may also comprise a conventionalcomputer system 150, which may be connected directly to the ISP 100 orvia the Internet 110. Alternatively, the content provider 150 may simplyprovide content to the ISP 150 in advance, for example on a storagemedium such as CD-ROM or floppy disk. For the present purposes, thecontent provider 150 is connected to the ISP 100 via the Internet 110 insuch a way that it can communicate with the ISP 100.

[0015] According to a first embodiment, an advertisement service isprovided in which the content provider 150 is an advertiser and thecontent is web-based adverts or web pages containing adverts.

[0016] By way of background to the first embodiment, the electroniccommerce potential of the Internet, In particular of the world-wide-web(WWW or web), has brought forward a now business of offering free accessto the Internet. Organisations such as Geocities (www.geocity.com),Yahoo! (www.yahoo.com), BT (www.btintemet.com), Dixons(www.freeserve.net), and TESCO (www.tesco.co.uk/indexn.htm) are a fewexamples of free Internet Service Providers (ISP). Web advertising isconsidered one of the sources of revenue for free ISPs. Compared withthe traditional hardcopy-printing-based advertising, the web version Iscost effective, speedy and can be conveniently connected to shoppingover the Internet For example, after viewing an advert, a customer canorder goods right away with a single mouse click. Another importantadvantage of web advertising over paper-based advertising is the ease ofcollecting data relating to consumers' purchasing behaviour and ofmining that Information. Such information is a valuable commodity for aseller.

[0017] The cost of placing an advert typically has a close relationshipto the popularity of the medium containing the advert It is important,therefore, to be able to measure the popularity of a webpage in order todetermine an appropriate charge for an advert. In addition, when anadvertiser is also an ISP (e.g., in the case of TESCO), it willnaturally like to encourage the customers (e.g., clubcard or loyaltycardholders) to spend more time on reading the adverts. Many organisationsprovide customers with so-called ‘clubcards’ or ‘loyaltycard’ wherebyeach time the customer purchases a product or service he acquires extra‘points’, which may be used to gain discounts on future purchases.Therefore, granting clubcard or loyaltycard points according to the timespent on an advert page might be an appropriate incentive for customersto spend time reading adverts. For instance, if a customer opens awebpage containing an advert, and spends a while (say one minute)reading the advert. they can earn one point. The more time the customerspends on reading adverts, the more points they will collect.

[0018] An exemplary process for metering a customer reading adverts willnow be described with reference to FIG. 2.

[0019] First, in step 10 the customer ‘clicks’ on a hyperlink todownload from the ISP 100 a web page containing an advert. This causesthe browser 122 to generate a message 200, which is sent to the ISP 100via the Internet 100 in step 15. Once received by the ISP 100, the webserver 104 prepares the requested web page for transmission back to thecustomer 120 in step 20. In addition, in step 20, the web server 104executes the ISP metering process 106, which generates mobile codeincluding a number n, a number e and one further number, x The mobilecode may be in the form of a Java Applet; The ISP metering process 106returns the mobile code and the numbers (n, x, e) to the web server 104and the ISP 100 sends back to the customer 120 the web page containingthe advert accompanied by the mobile code and the three numbers (n, x,e), all in step 25.

[0020] The number n is a large positive integer, which has only twoprime factors p and q of roughly equal size. In other words, n =pq. Ifthe advertiser 150 does not trust the ISP 100, then the advertiser 150may itself generate n, and forward it to the ISP, but keep p and qsecret. This may be done in advance of any advert download request or ondemand. The number e is defined below:e=2{circumflex over ( )}u+1 (modλ(n)) where u is a positive integer roughly equal to (log _(—)2 n)/2;and mod λ(n) denotes the least common multiple of p−1 and q−1. As in thecase of n, e is fixed during the system setup stage and is made public.Finally, x is a random positive integer less than n, which may begenerated by the advertiser 150 or by the ISP 100.

[0021] The customer 120 receives the web page, the mobile code and thenumbers (n, x, e), and the web browser 122 displays the web pagecontaining the advert in step 30. Also in step 30, during the time thecustomer reads the advert, the customer metering process 123 executesthe mobile code automatically to calculate values of a and t, accordingto the following simple, iterative ‘Timing’ algorithm: Timing(n, x, e) a

h(x); y <- a; t

1; while (“customer reads the web page”) { a

ya{circumflex over ( )}e mod n; t

t + 1; } return (t, a); end.

[0022] In the algorithm above, h ( ) denotes a secure one-way hashfunction that the system has agreed; the symbol ← means “is made equalto”. For example, in the second line of the algorithm, variable ‘a’ ismade equal to the value of integer ‘h(x)’. The algorithm iterates whilethe customer reads the web page. Each iteration represents one ‘tick’ ofthe Timing algorithm. The number of ticks accumulated is represented bythe value of t.

[0023] When the customer leaves the web page, in step 40, for example byclicking on another web page or by dosing the web browser, the mobilecode stops executing the Timing algorithm In step 50 and the customermetering process 123 returns the respective metering result (n, x, e, t,a) to the ISP 100 In step 55. Thus, the metering result is evidence ofthe time the customer spent reading the advert web page.

[0024] The metering result value a satisfies:

a=h(x)^(b)(mod n), where b=1+e+e ² + . . . +e ^(t)(mod λ(n))

[0025] Here λ(n)=|cm(p−1, q−1). the least common multiple of p−1 andq−1.

[0026] Let exponentiation modulo n take a unit of time. Then, generatinga valid pair (t, a) using Timing takes t ticks, or units, of time. TheTiming algorithm is intrinsically sequential, which means there is noobvious way to parallelise the procedure with an aim of saving time. Onemay compute the exponent b′ first and then perform one exponentiationmodulo n. However, without the knowledge of the order of x, the exponent

b′=1+e+e ² + . . . +e′  (1)

[0027] Is not compact, which means that the size of b′ is t|n| (here |n|means the bit size of n In binary representation). Therefore, theexponentiation using the large exponent b′ still takes t units of time:a huge space is required while no time is saved. In other words, itwould take as long to generate false evidence as it does to generategenuine evidence.

[0028] When the ISP 100 receives the metering result (n, x, e, t, a), itstores the result for future billing of the advertiser in step 60. Ifthe advertiser wishes to verify the integrity of the metering result, itcan do so using the following efficient method. First, the advertiser150 calculates

E←e ^((t+1))mod λ(n),  (2)

[0029] and then verifies

a ^((e−1)) =h(x)^((E−1))(mod n).  (3)

[0030] If the verification of the congruence (3) passes, the durationevidence is accepted as valid.

[0031] This verification algorithm only takes three units of time, sincecomputing (2) and (3) only involves three modular exponentiation. Thealgorithm also has a constant space complexity of |n|, since E has thesame size of n. Thus, the advertiser is able to check a large amount ofevidence efficiently. The efficiency is obtained as a result of theadvertiser knowing the secret λ(n), which allows him to compute E in (2)In a compact manner.

[0032] The advertiser has an efficient procedure to validate a piece ofmetering evidence. However, It cannot efficiently construct theevidence. Based on (2) and (3), in order to construct the value a, theadvertiser needs to compute (E−1)(e−1)⁻1 mod λ(n). But in our definitionof e, we have (e−1)=2{circumflex over ( )}u, which is not relativelyprime to λ(n) and therefore (e−1)⁻¹ mod λ(n) does not exist The onlyother way to construct the value a other than using t steps (as is donein Timing(n, x, e)) requires the advertiser first to extract the(2{circumflex over ( )}u)-th root from h(x)^((E−1))(mod p) and the(2{circumflex over ( )}u)-th root from h(x)^((E−1))(mod q) and then touse the Chinese Remainder Theorem to combine the two results into the(2{circumflex over ( )}u)-th root from h(x)^((E−1))(mod n). This Isprohibitively difficult if a large volume of evidence needs to beforged.

[0033] A minor addition to the first embodiment makes it possible forany third party, who does not have knowledge of the secret p and q, toverify the validity of the metering evidence. Specifically, if thecustomer metering process 123 in addition returns the value of a(t−1),the third party can then generate a by initiallsing the Timing algorithmwith the values of a(t−1) and t−1 and iterating the algorithm once togenerate a new value a′. Clearly, if a′=a, then this proves that thecustomer must have run the Timing algorithm to generate the evidence.

[0034] In summary, the advertising fees that an advertiser pays an ISP(if they are separate entitles) are dependent on the popularity of theadvert web pages, where popularity is taken herein to be proportional tothe amount of metering evidence which has been generated for arespective web page. In addition, for example, the number of rewardpoints allocated to a customer can be determined by the size of themetering evidence that a particular customer generates.

[0035] For the purposes of associating metering evidence with aparticular customer, it is possible for the mobile code to return anidentity of a customer with respective metering evidence. In addition,it would be possible to incorporate a numeric customer identifier intothe function for generating a. Of course, there are many differentfunctions suitable for generating a; the algorithm above being one verysimple example.

[0036] In addition, an ISP may try to create time duration evidence withthe intention of over-charging an advertiser. This may be the case ifthe advertiser does not trust the ISP. However, as has already beendescribed above, the only way for the ISP to generate metering evidenceis to behave as a customer, which is very labour-Intensive if asignificant amount of evidence is to be generated. Indeed, the time andresources taken to generate the evidence would probably cost the ISPmore than would be gained by the increased advertising revenue.

[0037] In a second embodiment of the present invention, the contentprovider 150 is a software rental company. The software to be rented isstored by the ISP 100 ready for downloading for rental by customers.

[0038] According to FIG. 1, In operation, the customer selects thesoftware he wishes to rent by clicking on an appropriate hyperlink. Thecustomer transmits an appropriate message to the ISP 100 via theInternet 110. The ISP 100 receives the message from the customer andinterprets it as a request to rent the respective software. In return,the ISP 100 sends the customer the requested software code accompaniedby mobile code and the three numbers (n, x, e), as already describedabove. When the customer runs the software, the meter automatically runsas specified above. The meter runs for as long as the customer uses thesoftware. When the customer finishes using the software, he ‘exits’ andthe meter transmits the metering result back to the software rentalcompany. Customer payment is calculated on the basis of a time (e.g.hourly) usage, for example by debiting the customers bank account orcredit card, the details of which may have been entered at the beginningof the process, or may be known in advance from previous dealings. Basedon the verification of metering evidence, the ISP 100 can charge thecustomer and the content provider can charge the ISP, minus anytransaction charge levied by the ISP.

[0039] Depending on the nature of the software that is being rented, itmay be preferable for the software to incorporate the functionality ofthe mobile code, rather than having the mobile code as a separate pieceof functionality. An advantage of this approach is that it is impossibleto separate the operation of the Timing algorithm from use of thesoftware,

[0040] In an alternative form, the software rental embodiment may bearranged such that, after a certain time (e.g. 100 hours) of paid use,the software can be used by the customer without further charge. Such anarrangement is sometimes known as ‘rent-to own’. For example, after 100hours paid use, the customer gets a certificate automatically issued bythe programme, including the data values (n, e, t, x, a=f(x, t), a′=f(x,t−1)), where f(x, t) is the output of the Timing algorithm specifiedabove and t−1 equates to 100 hours of paid use. For the purpose ofmessage authentication, the value a=f(x, t) may have been signed by theISP acting as the meter owner. This certificate proves that the customerhas run the programme at least t−1 units of time, and it is universallyverifiable. In addition, with this certificate, the customer can run thesoftware on any different computing platform, for example computer 121in FIG. 1, which is able to verify the validation of the certificatewith only one “tick” by using Timing algorithm. In other words, once acomputer has access to the Timing algorithm, it can substitute thevalues n, e, t, x, a′=f(x, t−1) into the algorithm and then simplyiterate it one more time. If the iteration results in a=f(x, t), thenthe computer can be arranged to understand that the customer hasgenuinely acquired the right to use the software without furtherpayment.

[0041] In a third embodiment of the present invention, a customer isable to play games using a ‘pay-per-play service’. In a similar fashionto the previous two embodiments, a customer can select and download froman ISP a computer game provided by a game content provider. Accompanyingthe downloaded game is a ‘Timing’ meter process, which runs on thecustomers computer when the customer starts playing the game, andcontinues for as long as the customer continues to play the game. Inthis embodiment, for example, the correct values of metering evidence(say, one value for each session) have to be sent to the contentprovider to keep the game running continuously. In this embodiment, thecontent provider acts as a meter owner and the ISP acts as a verifier.Based on the verification of metering evidence, the content provider cancharge the customer and the ISP can charge the content provider.

[0042] The skilled person will appreciate that the present inventionfinds application in many forms, as well as in those embodimentsdescribed above. In addition, the invention may be augmented in manydifferent ways to render it more ‘tamper proof’, depending on howimportant security is. For example, where it is essential to be able toreliably identify the customer, or other party, responsible forgenerating the metering evidence, it might be preferable for themetering evidence to be signed using an appropriate personal certificateof the customer, In this way, It would be extremely difficult for anyother party (who does not have knowledge of the certificate) to forgethe evidence. For the avoidance of doubt, this additional step may beapplied to any of the embodiments described herein.

[0043] Furthermore, on close inspection of the above embodiments, itwill become apparent that the only Information that needs to be providedby the content provider, or indeed by the ISP, is the value n. In fact,n its if may be published by the content provider, and may not need tobe supplied by the content provider or ISP each time content isdownloaded. For example, assume that n, the Timing algorithm and thevalues x and e are generally known. Additionally, the customer itselfmay generate x and e. Then, a customer need only download the contentand rely on having already acquired, or generated, the information andmeans necessary to return appropriate metering information. Of course,under these circumstances, the downloaded content would need to bearranged appropriately so that It could only be displayed or executed ifthe respective Timing algorithm were operating. However, the skilledperson would be aware of many possible techniques for ensuring that thiswould be the case. For example, the browser may be programmed to onlypermit viewing or execution of downloaded content when the appropriateTiming algorithm Is executing.

[0044] Although the above embodiments relate to simple metering tasksrelating to user interaction with a process, it will be apparent to theskilled person that the principles described herein have far broaderapplication, for example metering of interactions between dataprocessing systems.

1. A method of metering activity of a data processing system resultingin the generation of respective tamper-resistant metering evidence, thetamper-resistance of the metering evidence being attributable to thedifficulty of factorising a large integer which has only two primefactors of roughly equal size.
 2. A method according to claim 1,comprising iteratively evaluating the result of a mathematical functionusing the large integer as an input to the function, and using a resultof one iteraton of the function as an input to a next iteration of thefunction.
 3. A method according to claim 2, wherein the meteringevidence comprises a result of the mathematical function taken at ornear the end of the activity.
 4. A method according to claim 2 or claim3, wherein the mathematical function has the form: Timing(n, x ,e) a

h(x); y <- a; t

1; while process is executing { a

ya^(e) mod n; t

t + 1; } return (t, a); end,

where n=pq is the large integer having two prime factors p and q ofroughly equal size; e=2{circumflex over ( )}u+1 (mod λ(n)) whereλ(n)=|cm(p−1, q−1) is the least common multiple of p−1 and q−1; u is apositive integer roughly equal to (log _(—)2 n)/2; n, e and u are madepublic; x is a random positive number less than n; and t is the meteringresult.
 5. A method according to any one of the preceding claims,wherein the activity comprises executing a process.
 6. A methodaccording to claim 5, wherein the activity further comprises userinteraction with the process.
 7. A method according to claim 5 or claim6, wherein the process is first downloaded from a remote source.
 8. Amethod according to claim 7, wherein the large integer accompanies theprocess.
 9. A method according to any one of claims 5 to 8, wherein theactivity comprises displaying an advertisement.
 10. A method accordingto any one of claims 5 to 8, wherein the activity comprises a user usinga software application process.
 11. A method according to any one of thepreceding claims, wherein the metering evidence relates to timeassociated with the activity.
 12. A method according to any one ofclaims 1 to 10, wherein the metering evidence relates to processingcycles of the data processing system associated with the activity.
 13. Amethod of metering the amount of time a user spends reading anadvertisement comprising the steps: displaying the advertisement; andduring display of the advertisement, iteratively evaluating the resultof a mathematical function using a large integer which has only twoprime factors of roughly equal size as an input to the function, andusing a result of one iteration of the function as an input to a nextiteration of the function.
 14. A method of metering use of a processexecuting on a data processing system comprising the steps: executingthe process; and during execution of the process, iteratively evaluatingthe result of a mathematical function using a large integer which hasonly two prime factors of roughly equal size as an input to thefunction, and using a result of one iteration of the function as aninput to a next iteration of the function.
 15. A method according to anyone of the preceding claims in which the metering evidence is used tobill a user for the associated activity.
 16. A method according to anyone of the preceding claims, wherein the metering evidence, is used by aservice provider that is associated with facilitating the activity tobill an originator of a commodity delivered by the service provider andassociated with the activity.
 17. A method according to any one of thepreceding claims, wherein the metering evidence is used to credit a userwho is associated with the activity with means to acquire products orservices under relatively better terms.
 18. A method according to anyone of the preceding claims, wherein verification of the meteringevidence requires knowledge of the two prime factors.
 19. A methodaccording to any one of claims 2 to 17, wherein verification of themetering evidence is evaluated using a final iterative result and aprevious iterative result.
 20. A method for verifying metering evidencegenerated according to any one of the preceding claims substantiallybased on the steps in formulae (2) and (3) as hereinbefore described.